Feeds

Google throws a bone to privacy watchdogs

Will keep your data for 18 months

Beginner's guide to SSL certificates

Google is cutting back the time it holds user-identifying data - a little. But will this be enough to placate privacy advocates?

The search giant is to scrub personally identifying information after 18 months, compared with the limit of 18 months to two years it set out in March.

Google's Global Privacy Counsel Peter Fleischer announced the revised policy in a June 10 letter addressed to the head of a European Union working group that recently called on Google to justify why it needed to store personally identifiable information for as long as two years. The Article 29 Data Protection Working Party had also requested Google provide more details about how it planned to anonymize data.

"After considering the Working Party's concerns, we are announcing a new policy: to anonymize our search server logs after 18 months, rather than the previously-established period of 18-to-24 months," Fleischer wrote in an accompanying blog entry. But lest Google critics take to spontaneous dancing in the streets, Fleischer warned "that future data retention laws may obligate us to raise the retention period to 24 months".

If it sounds like Google is tip-toeing through a mine field, it's because the company has come under fierce attack by privacy advocates. Recently, Privacy International, a UK-based privacy watchdog, ranked Google's privacy practices last among major internet service companies. And a chorus of critics have formally complained to the Federal Trade Commission that Google's proposed acquisition of DoubleClick, the biggest online ad server company, would create a repository of consumer information so vast it would be ripe for abuse by Google, its partners and government agents.

To hear Fleischer tell it, Google is walking the razor-thin line between security, innovation and compliance on the one side and privacy on the other. While a decision not to collect personal information at all would warm the hearts of even the most jaded privacy advocates, it would hamper other important objectives, he says. Among them is internet security and enforcement of child protection laws, which benefit from Google collecting IP numbers and tying them to specific searches.

And as if that wasn't enough, Fleischer says, Google as a global business has to comply with a patchwork of conflicting laws that span the globe. Complying with, say, a European law that mandates that personal information be "kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed" may seem like a simple thing. But try telling that to the US goon squad enforcing Sarbanes Oxley, which requires Google "retain business records sufficient to establish adequate financial and other controls".

Food for thought, perhaps, but Kevin Bankston, a staff attorney at the Electronic Frontier Foundation remains skeptical that forces beyond Google's control mandate the storing of personal data for such a long period. By comparison, he says, AOL anonymizes searches after 30 days. He also criticizes Google for not explaining exactly what laws it believes requires it to store information for as long as 18 months.

Says Bankston: "The burden is on Google to demonstrate why that is the case. Considering the much shorter retention periods of competitors like AOL, I don't think they've met that burden." ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Mighty Blighty broadbanders beg: Let us lay cable in BT's, er, ducts
Complain to Ofcom that telco has 'effective monopoly'
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
BT said to have pulled patent-infringing boxes from DSL network
Take your license demand and stick it in your ASSIA
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Ofcom tackles complaint over Premier League footie TV rights
Virgin Media: UK fans pay the most for the fewest matches
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.